Login cookie stopped working?
Added by Mark Travis about 1 year ago
Anyone else have issues with the login cookie?
I've had my app set up just like the Hangman sample game where it saves my password for two weeks and logs me in automatically. It's been working fine for years.
I recently upgraded my Chrome browser and the automatic login function no longer works. (MacOS Sonoma latest as well)
Same thing with Firefox.
Not sure if it's a browser thing or an OS thing.
Thought I'd ask here first before I spent a ton of time chasing it down.
Replies (3)
RE: Login cookie stopped working? - Added by Mark Travis about 1 year ago
Well, I don't know why it fixed it, but I deleted all rows from my auth_token table and login cookies are working again.
When I stepped through the whole auth token process in the debugger, I saw it couldn't find the hash value it was looking for.
Somewhere along the way, it stored a hash value in a cookie but the hash value didn't get recorded to the auth_token table. That's my hypothesis. No idea why, really.
RE: Login cookie stopped working? - Added by Matthias Van Ceulebroeck 12 months ago
Hello Mark,
I apologize for the delay, I am currently going through my backlog.
I think you encountered the issue from here: #12158. Or perhaps an edge-case of it.
In Wt 4.10.0 we introduced a new mechanism for cookies (#7814), there was an omission there, that could in specific cases lead to the wrong cookie being set/retrieved, since its path was incorrect.
This could lead to existing cookies misbehaving (not being found / being deleted), since no valid cookie could be found, for the path.
This is in essence a "breaking change", but in a very minimal manner. Also, not everybody will encounter this issue, only certain deployment paths.
Best,
Matthias
RE: Login cookie stopped working? - Added by Mark Travis 12 months ago
No worries! I fixed it at the time by deleting all cookies from the DB table, and it's worked fine since then. Glad to know the reason, I feel confident now that it will stay fixed.